At Mon, 26 Jun 2017 11:27:30 +0200, martin f krafft wrote: > > Martin, I think --no-auto-check-trustdb and a cron job will > > already make it much more bearable, with the current state of > > things. That's what I'd suggest. > > I've been doing that for a long time already, and yes, it mitigates > the issue a little bit. I still think that the interface doesn't > exactly invite people to invest time into the WoT, which directly > translates into lesser quality.
I disagree that this is the bottleneck. Two very strong arguments against the WoT, IMO are: 1. Key signing is too hard to do right. 2. Key signing exposes the social graph. 1 means that people primarily interested in protecting their privacy don't bother. 2 means that organizations like the Organized Crime and Corruption Reporting Project (OCCRP) can't use the WoT, because it places their reporters and sources in danger. We could perhaps fix 1 by doing more red teaming (i.e., fake attacks so that people see the actual utility of checking keys), but I'm not sure that's the best way forward. :) Neal _______________________________________________ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
